DETAILED ACTION

Response to Amendment 
This office action is in response to the request for reconsideration filed on June 07, 2005. Original
application contained Claims 1-50. Applicant currently amended Claims 5-6, 42-50, and added
new Claims 51-59. The amendment filed on June 07, 2005 has been entered and made of
record. Presently Claims 1-59 are pending for consideration.

Response to Arguments 
Applicant's arguments filed on June 07, 2005 have been fully considered but they are not
persuasive because of the following reasons: 

Regarding Claims 1-50 applicants argued that the system of cited prior art (CPA) 
[Ooki et al. (U.S. Patent 5,822,518), Dustan et al. (U.S. Patent 5,884,312), Sprecher (U.S. 
Patent 5,285,494) and Dauerer et al. (U.S. Patent 5,627,967)] does not teach the subject matter
as claimed.

1. Regarding Claims 1, 3-6, 8-12, 14, 25-34, 36-42, and 50 applicant argued that in Ooki
privileges are related to a specific restricted area, not to a particular function of a particular
software application. This is not found persuasive. Ooki clearly teaches system to control
reference of secret part of user data based on security rank of user. The system and method of
Ooki teaches an automatic security verification and removal method which involves obtaining
generalized description of original and new data sample pairs with transformation finding
invariant regions in samples for restoration. The method involves transmitting a reference
demand of the user data of other system published by a computer to an ID converter through a
first ID management part. The ID converter converts the user ID in the demand to a guest ID by
referring an ID conversion table and sends the demand to a second user ID management part.
The management part checks whether the guest ID is registered in a user ID table; when it is
confirmed to be registered, reference demand is given to a security check part and to a user data
management part. The demanded user data is then referred (col. 2 line 6 to col. 3 line 21, and
col. 5 line 16 to col. 6 line 61).

2. Applicant's argument regarding Form 409 corresponding with the PCT application
PCT/US01/43116 is persuasive. Examiner acknowledges typing mistake and request to consider
Form 408 describing rejection based on the teaching of Rosenow et al. and Imai et al.
Regarding obviousness rejection based on combined system of Ooki, Dustan, Sprecher, and
Dauerer, applicant argued the combined system does not teach entitlement of users to access a
particular function of a particular application, as described in claims 2, 7, 13, 15-24, 35, and 43-
48. This is not found persuasive. The system of Ooki, Dustan, Sprecher, and Dauerer clearly
teaches system to control reference of secret part of user data based on security rank of user
(Ooki: col. 2 line 6 to col. 3 line 21, and col. 5 line 16 to col. 6 line 61; Dustan: col. 8 line 56-59, and
col. 13 line 36 to line 40; Sprecher: col. 1 line 60 to 68; Dauerer: col. 1 line 44 to line 50).

As a result, cited prior art does implement and teach a system and method that 
relates to an application for protecting software applications and their underlying proprietary data 
as broadly recited in claims. 
Applicants clearly have failed to explicitly identify specific claim limitations,
which would define a patentable distinction over prior arts. 

The examiner is not trying to teach the invention but is merely trying to interpret the claim 
language in its broadest and reasonable meaning. The examiner will not interpret to read 
narrowly the claim language to read exactly from the specification, but will interpret the claim 
language in the broadest reasonable interpretation in view of the specification. Therefore, the 
examiner asserts that cited prior art(s) does teach or suggest the subject matter recited in 
independent and dependent claims. Accordingly, rejections for claims 1-59 are respectfully 
maintained. 




Claim Rejections - 35 USC § 102

12. The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the 
basis for the rejections under this section made in this Office action: 

A person shall be entitled to a patent unless - 

(b) the invention was patented or described in a printed publication in this or a foreign country or in public use or on 
sale in this country, more than one year prior to the date of application for patent in the United States. 

13. Claims 1, 3-6, 8-12, 14, 25-34, 36-42, 49, 50, 51-53, and 55-59 are rejected under 35 U.S.C.
102(b) as being anticipated by Ooki et al. (U.S. Patent 5,822,518).

14. With respect to claim 1, Ooki et al. disclose a system for limiting access to the functionality
of one or more software applications, comprising:

A first memory configured to store first data related to each of the one or more software
applications (column 3, lines 13-18).

The first memory further configured to store second data related to each of one or more
users of any of the software applications (column 2, lines 6-10; column 3, lines 18-21); and

A rules checker (item 13) in communication with the software applications and the first
memory, said rules checker configured to:

Receive at least one query, said query originating from any particular one of the
software applications (column 5, lines 16-20), and

Forward a message to the particular software application in response to the query
(column 5, lines 24-25),

Wherein said message provides instructions to the particular software application
regarding entitlements of one of the users to access a particular function of the particular
software application (column 6, lines 3-9).

15. With respect to claim 3, Ooki et al. disclose a system, wherein the each of the one or more 
software applications are implemented on one of a mainframe and a distributed computing 
system (Figure 1, items 10 and 90; A distributed computing system is one in which different 
functionality that comprises an application may be located in different components of the system.
In Figure 1, two different servers are connected via a network in one system in order to carry out
the functionality of the system.).

16. With respect to claim 4, Ooki et al. disclose a system, further comprising:

A second memory configured to store proprietary data useful to the particular software
application (column 6, lines 14-18), and

Wherein said message provides information to the particular software application
regarding authorization to output portions of the proprietary data (column 6, lines 3-9, lines 12-
13).



17. With respect to claim 5, Ooki et al. disclose a system, wherein the respective first data for 
each software application includes an identification of hierarchically arranged functions 
associated with that software application (column 6, lines 54-61). 


18. With respect to claim 6, Ooki et al. disclose a system, wherein the query further comprises
information relating to the one of the users and relating to at least one of the functions associated 
with the particular software application (column 5, lines 16-20), and 

Wherein the message relates to that one user's authorization to access the at least one 
functions (column 6, lines 3-9). 



19. With respect to claim 8, Ooki et al. disclose a system, wherein the respective first data for 
each software application includes an identification of data fields associated with that software
application (column 4, lines 31-35).

20. With respect to claim 9, Ooki et al. disclose a system, wherein the query further comprises
information relating to one of the users and relating to at least one of the data fields associated 
with the particular software application (column 5, lines 10-20), and 

Wherein the message relates to that one user's authorization to access the at least one 
field (column 4, lines 31-35; column 6, lines 3-9).

21. With respect to claim 10, Ooki et al. disclose a system, wherein the rules checker is further
configured to: 

Generate the message based on the query, the first data and the second data (column 6, 
lines 3-9). 

22. With respect to claim 11, Ooki et al. disclose a system, wherein:

The respective second data for each of the users includes at least one role, from among a 
plurality of roles, associated with that particular user (column 2, lines 18-23), and 

The respective first data for each software application includes: 

An identification of hierarchically arranged functions associated with that
software application (column 2, lines 18-23), and

A description of which of the plurality of roles is entitled to access each of the
functions (column 2, lines 18-23).

23. With respect to claim 12, Ooki et al. disclose a system, wherein:

The query includes an identification of a specific one of the users and a specific one of 



Application/Control Number: 09/988,009 Page 8 

Art Unit: 2131 

the functions associated with the particular software application (column 5, lines 16-20); 

The rules checker is further configured to generate the message based on the query the 
first data and the second data (column 6, lines 3-9); and 

The message instructs the particular software application regarding that specific user's 
entitlement to access that specific function (column 6, lines 3-9).

24. With respect to claim 14, Ooki et al. disclose a system, wherein the respective second data
for each of the users includes an access level from among a plurality of access levels associated
with that particular user (column 2, lines 18-23), said access level determining an authorization
of that particular user to access proprietary data within the second memory (column 2, lines 18- 
25) and 

The rules checker is further configured to generate the message based on the query, the 
first data and the second data (column 6, lines 3-9). 

25. With respect to claim 25, Ooki et al. disclose a method for providing application-level 
security, said method comprising the steps of: 

Storing first data relating to a plurality of software applications (column 3, lines 13-18); 
Storing second data relating to a plurality of users of the software applications (column 2,
lines 6-10; column 3, lines 18-21);

Receiving a query from a particular one of the software applications (column 5, lines 10-
20);

In response to the query, forwarding a message to the particular software application, said 
message providing instructions to the particular software application regarding entitlements of a
particular user to access a function of the particular software application (column 5, lines 24-25).

26. With respect to claim 26, Ooki et al. disclose a method, further comprising the step of:

Generating the message based on the query, the first data and the second data (column
6, lines 3-9). 

27. With respect to claim 27, Ooki et al. disclose a method, wherein the query includes an 
identification of the particular user and the function (column 5, lines 10-20). 

28. With respect to claim 28, Ooki et al. disclose a method, wherein the second data includes for 
each user, one or more of an associated user ID, client name, role, and business level (column 4,
lines 23-28). 

29. With respect to claim 29, Ooki et al. disclose a method, wherein the first data includes for 
each software application an identification of associated hierarchically arranged functions and
characteristics of those users authorized to access each such functions (column 6, lines 54-61).

30. With respect to claim 30, Ooki et al. disclose a method, further comprising the steps of:

Correlating the first and second data to determine authorized functions, said authorized
functions being those particular functions of each software application which are accessible by a
specified user (column 5, lines 20-25; column 3, lines 20-25);

Generating the message based on the query and the determination of authorized functions
(column 6, lines 3-9), wherein said query includes an identification of the particular user and the 
function (column 5, lines 10-20). 

31. With respect to claim 31, Ooki et al. disclose a method, wherein the first data includes for 
each software application an identification of associated data fields and characteristics of 
entitlements of users to each data field (column 3, lines 20-25). 

32. With respect to claim 32, Ooki et al. disclose a method, further comprising the steps of: 

Correlating the first and second data to determine authorized data field operations, said 
authorized operations being those particular operations of each data field which are permitted to 
a specified user (column 5, lines 20-25; column 3, lines 20-25); and 

Generating the message based on the query and the determination of authorized 
operations (column 6, lines 3-9), wherein said query includes an identification of the particular 
user and of a predetermined data field (column 5, lines 10-20).

33. With respect to claim 33, Ooki et al. disclose a method, further comprising the steps of: 

Storing proprietary data useful to one or more of the software applications (column 3, 
lines 13-18); and 

Storing third data relating to accessibility of the proprietary data (column 3, lines 21-27). 

34. With respect to claim 34, Ooki et al. disclose a method, further comprising the steps of: 

Correlating the first, second and third data to determine authorized data accesses, said
authorized data accesses being those particular data accesses of the proprietary data which are 
permitted to a specified user (column 5, lines 60-67 to column 6, lines 1-9); and 

Generating the message based on the query and the determination of authorized data 
accesses (column 6, lines 3-9), wherein said query includes an identification of the particular
user and of predetermined proprietary data (column 5, lines 10-20). 

35. With respect to claim 36, Ooki et al. disclose a method, further comprising the step of:

Administering the first and second data by manipulating one or both of the first and 
second data according to which of a plurality of clients one or more of the users is associated 
with (column 1, lines 23-26). 

36. With respect to claim 37, Ooki et al. disclose a method, further comprising the step of:

Administering the first and second data by manipulating one or both of the first and
second data according to the identity of a particular one of the users (column 2, lines 19-20;
column 4, lines 23-28).

37. With respect to claim 38, Ooki et al. disclose a method, further comprising the step of:

Administering the first and second data by manipulating one or both of the first and 
second data according to which of a plurality of roles one or more of the users is associated with 
(column 2, lines 19-20). 

38. With respect to claim 39, Ooki et al. disclose a method, further comprising the step of:

Administering the first and second data by manipulating all the first data relating to a
specific one of the software applications (column 6, lines 54-61).

39. With respect to claim 40, Ooki et al. disclose a method, further comprising the step of: 

Administering the first and second data by manipulating all the first data relating to one 
of a plurality of functions associated with a specific one of the software applications (column 6,
lines 54-61). 

40. With respect to claim 42, Ooki et al. disclose a method, further comprising: 

A non-volatile data store indicating a hierarchical arrangement of the plurality of access
levels (column 4, lines 31-35), and

Wherein the rules checker is further configured to consult the data store when
determining the authorization of that particular user (column 6, lines 3-9).

41. With respect to claim 49, Ooki et al. disclose a method, wherein the authorization of the
particular user to access proprietary data depends, at least in part, on the particular software
application identity (column 4, lines 31-35).

42. With respect to claim 50, Ooki et al. disclose a method, wherein the authorization of the 
particular user to access proprietary data depends, at least in part, on the particular function 
identity (column 6, lines 12-17). 

43. With respect to claim 41, Ooki et al. disclose a computer readable medium bearing
instructions for providing application-level security, said instructions being arranged to cause
one or more processors upon execution thereof (column 3, lines 63-67) to perform the steps of:

Storing first data relating to a plurality of software applications (column 3, lines 13-18);
Storing second data relating to a plurality of users of the software applications (column 2,
lines 6-10; column 3, lines 18-21);

Receiving a query from a particular one of the software applications (column 5, lines 10-
20);

In response to the query, forwarding a message to the particular software application, said
message providing instructions to the particular software application regarding entitlements of a
particular user to access a function of the particular software application (column 5, lines 24-25).

44. With respect to claim 51, Ooki et al. disclose wherein the one of the users utilizes a remote
system to access the particular function of the particular software application, and is not signed
on to the operating system based on which the rules checker operates (Figure 1, items 10 and 90;
A distributed computing system is one in which different functionality that comprises an
application may be located in different components of the system. In Figure 1, two different 
servers are connected via a network in one system in order to carry out the functionality of the 
system). 

45. With respect to claim 52, Ooki et al. disclose a system wherein the one of the users is an
organization, and the second data specifies entitlements of the organization to access one or more
functions of the particular software application, and entitlements of at least one individual user in
the organization to access at least one of the one or more functions of the particular software
application that the organization is entitled to access (column 5, lines 16-20, and column 6 lines 
3-9). 

46. With respect to claim 53, Ooki et al. disclose a system wherein the one of the users is an
organization having associated proprietary data; the second data includes an access level 
associated with an individual user within the organization, wherein the access level is selected 
from among a plurality of access levels arranged in a hierarchical structure, and specifies an 
authorization to access at least part of the proprietary data associated with the organization; and 
the individual user is entitled to access all data accessible to an access level hierarchically 
subordinate to the access level associated with the individual user (column 2 line 18-23, and 
column 6 line 3-18). 

47. With respect to claim 55, Ooki et al. disclose a system wherein the access level is assigned
to the individual user based on the individual user's role within the organization or the individual
user's job function (column 5 line 16-20, and column 6 lines 3-9).

48. With respect to claim 56, Ooki et al. disclose a system wherein the one of the users is an
organization having associated proprietary data; and the second data specifies an authorization 
granted to an individual user of the organization to access at least part of the proprietary data 
associated with the organization, based on a function to be performed by the individual user
(column 5 lines 16-20, and column 6 lines 3-18). 

49. With respect to claim 57, Ooki et al. disclose a system wherein the message includes that
one user's authorized action on the at least one field, or the appearance of the at least one field to
that one user (column 4, lines 31-35, column 5 lines 10-20, and column 6 lines 3-9).

50. With respect to claim 58, Ooki et al. disclose a system wherein the entitlements of the one or
more users are dynamically configurable without the need to have a specific user to sign-off and 
sign-on again (Figure 1, items 10 and 90; A distributed computing system in which different 
functionality that comprises an application may be located in different components of the system. 
In Figure 1, two different servers are connected via a network in one system in order to carry out 
the functionality of the system without the need to sign-on/sign-off again). 

51. With respect to claim 59, Ooki et al. disclose a system wherein the one of the users is an
organization, and the second data specifies entitlements of the organization to access one or more 
functions of the particular software application, and entitlements of a role of the organization to 
access at least one of the one or more functions of the particular software application that the 
organization is entitled to access; and at least one individual user of the organization is assignable
to the role (column 6, line 3-18, and column 2, lines 18-23).



Claim Rejections - 35 USC § 103 

44. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all obviousness
rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set forth in 
section 102 of this title, if the differences between the subject matter sought to be patented and the prior art are 
such that the subject matter as a whole would have been obvious at the time the invention was made to a person 
having ordinary skill in the art to which said subject matter pertains. Patentability shall not be negatived by the 
manner in which the invention was made. 

45. Claims 1-50 are rejected under 35 U.S.C. 103(a) as being unpatentable over Rosenow et al. 
(U.S. Patent 5,483,596) in view of Imai et al. (U.S. Patent 5,870,467). The grounds for this 
rejection can be found in Form 409 corresponding with the PCT application PCT/US01/43116.

46. Claims 2, 13, 15-20, 35 are rejected under 35 U.S.C. 103(a) as being unpatentable over Ooki 
et al. (U.S. Patent 5,822,518) in view of Dustan et al. (U.S. Patent 5,884,312). 

47. Ooki et al. and Dustan et al. are analogous art because both are in the field of electronic 
communication. 

48. With respect to claim 2, Ooki et al. do not disclose a system, wherein the first memory is a 
relational database. 

Dustan et al. disclose a system, wherein the first memory is a relational database (column 12, 
lines 55-57). 

49. It would have been obvious to one of ordinary skill in the art at the time of the invention to 
have combined the teachings of Dustan et al. with the teachings of Ooki et al. in order to receive 
instructions from scripts at a web server (column 12, lines 57-60).

50. With respect to claim 13, Ooki et al. do not disclose a system, wherein the rules checker logs 
data relating to an instance in which the specific user is not entitled to access that specific 
function. 

Dustan et al. disclose a system, wherein the rules checker logs data relating to an instance in
which the specific user is not entitled to access that specific function (column 13, lines 10-15).

51. It would have been obvious to one of ordinary skill in the art at the time of the invention to
have combined the teachings of Dustan et al. with the teachings of Ooki et al. in order to record 
the processes and activities in the system (column 16, lines 38-40). 

52. With respect to claim 15, Ooki et al. do not disclose a system, further comprising:
An administrative application configured to facilitate administration of the first and
second data.

Dustan et al. disclose a system, further comprising:

An administrative application configured to facilitate administration of the first and 
second data (column 8, lines 56-69; column 13, lines 26-28). 

53. It would have been obvious to one of ordinary skill in the art at the time of the invention to 
have combined the teachings of Dustan et al. with the teachings of Ooki et al. in order to provide 
a common interface to access disparate data sources (column 4, lines 29-31). 

54. With respect to claim 16, Ooki et al. disclose a system further comprising:
Administering the first and second data by manipulating one or both of the first and
second data according to which of a plurality of clients one or more of the users is associated
with (column 1, lines 23-26).

55. Ooki et al. do not disclose a system, wherein an administrative application administers the 
data. 

Dustan et al. disclose a system, wherein the administrative application administers the data
(column 8, lines 56-69; column 13, lines 26-28). 

56. The motivational benefits of having combined the teachings of Dustan et al. with the 
teachings of Ooki et al. are disclosed above. 

57. With respect to claim 17, Ooki et al. disclose a system further comprising:
Administering the first data by manipulating one or both of the first and second data 
according to an identity of a particular one of the users (column 2, lines 19-20; column 4, lines 
23-28). 

58. Ooki et al. do not disclose a system, wherein an administrative application administers the 
data. 

Dustan et al. disclose a system, wherein the administrative application administers the data

59. The motivational benefits of having combined the teachings of Dustan et al. with the
teachings of Ooki et al. are disclosed above. 

60. With respect to claim 18, Ooki et al. disclose a system further comprising: 

Administering the first data by manipulating one or both of the first and second data 
according to which of a plurality of roles a particular one of the users is associated with (column 
2, lines 19-20).

61. Ooki et al. do not disclose a system, wherein an administrative application
administers the data.

Dustan et al. disclose a system, wherein the administrative application administers the data
(column 8, lines 56-69; column 13, lines 26-28). 

62. The motivational benefits of having combined the teachings of Dustan et al. with the 
teachings of Ooki et al. are disclosed above. 

63. With respect to claim 19, Ooki et al. disclose a system further comprising:
Administering the first data by manipulating one or both of the first and second data 
according to which of a plurality of roles a particular one of the users is associated with (column 
2, lines 19-20). 

64. Ooki et al. do not disclose a system, wherein an administrative application administers the
data.

Dustan et al. disclose a system, wherein the administrative application administers the data
(column 8, lines 56-69; column 13, lines 26-28). 

65. The motivational benefits of having combined the teachings of Dustan et al. with the 
teachings of Ooki et al. are disclosed above. 

66. With respect to claim 20, Ooki et al. disclose a system further comprising:
Administering the first and second data by manipulating all the first data relating to one
of a plurality of functions associated with a specific one of the software applications (column 6,
lines 54-61).

67. Ooki et al. do not disclose a system, wherein an administrative application administers the 
data. 

Dustan et al. disclose a system, wherein the administrative application administers the data
(column 8, lines 56-69; column 13, lines 26-28). 

68. The motivational benefits of having combined the teachings of Dustan et al. with the 
teachings of Ooki et al. are disclosed above. 

69. With respect to claim 35, Ooki et al. do not disclose a system, further comprising the step of: 

Creating a log entry relating to the message if the message indicates instructions which 
prohibit the particular software application access to the function. 

Dustan et al. disclose a system, further comprising the step of:

Creating a log entry relating to the message if the message indicates instructions which
prohibit the particular software application access to the function (column 13, lines 10-15).

70. The motivational benefits of having combined the teachings of Dustan et al. with the 
teachings of Ooki et al. are disclosed above. 

71. Claims 21-24, 43-45 are rejected under 35 U.S.C. 103(a) as being unpatentable over Ooki et
al. (U.S. Patent 5,822,518) and Dustan et al. (U.S. Patent 5,884,312) in view of Sprecher (U.S. 
Patent 5,285,494). 

72. Ooki et al., Dustan et al. and Sprecher are all analogous art because both are in the field of 
electronic communication. 

73. With respect to claim 21, Ooki et al. and Dustan et al. do not disclose a system, further 
comprising: 

An auditing application configured to facilitate auditing of the first and second data and 
any additional data generated by the rules checker. 

Sprecher discloses a system, further comprising:

An auditing application configured to facilitate auditing of the first and second data and 
any additional data generated by the rules checker (column 5, lines 66-68). 

74. It would have been obvious to one of ordinary skill in the art at the time of the invention to
have combined the teachings of Sprecher with the combined teachings of Ooki et al. and Dustan 
et al. in order to utilize real-time and historical data for analysis (column 1, lines 54-55). 

75. With respect to claim 22, Ooki et al. and Dustan et al. do not disclose a system, wherein the 
auditing application is further configured to provide a history, upon request, of messages 
forwarded by the rules checker. 

Sprecher discloses a system, wherein the auditing application is further configured to provide a
history, upon request, of messages forwarded by the rules checker (column 7, lines 20-22). 

76. The motivational benefits of having combined the teachings of Sprecher with the combined 
teachings of Ooki et al. and Dustan et al. are disclosed above. 

77. With respect to claim 23, Ooki et al. and Dustan et al. do not disclose a system, wherein the 
history emphasizes those messages related to a failed attempt to access the particular function. 

Sprecher discloses a system, wherein the history emphasizes those messages related to a failed
attempt to access the particular function (column 7, lines 30-31). 

78. The motivational benefits of having combined the teachings of Sprecher with the combined 
teachings of Ooki et al. and Dustan et al. are disclosed above. 



79. With respect to claim 24, Ooki et al. do not disclose a system, wherein the auditing 
application is further configured to provide a history, upon request, of changes to one or both of
the first data and the second data. 

80. Dustan et al. discloses a system, wherein the history consists of changes to one or both of the 
first data and second data (column 14, lines 24-26).

81. Dustan et al. do not disclose a system, wherein the auditing application is further configured
to provide a history, upon request, of any historical data after a certain date.

Sprecher discloses a system, wherein the auditing application is further configured to provide a
history, upon request, of any historical data after a certain date (column 8, lines 7-9).

82. The motivational benefits of having combined the teachings of Sprecher with the combined 
teachings of Ooki et al. and Dustan et al. are disclosed above. 

83. With respect to claim 43, Ooki et al. do not disclose a system, wherein the auditing 
application is further configured to provide real-time data logging and retrieval. 
Sprecher discloses a system, wherein the auditing application is further configured to provide 
real-time data logging and retrieval (column 1, lines 55-61). 

84. The motivational benefits of having combined the teachings of Sprecher with the combined 
teachings of Ooki et al. and Dustan et al. are disclosed above. 
85. With respect to claim 44, Ooki et al. and Dustan et al. do not disclose a system, wherein any 
updates to data within the relational database are performed in real-time and the rules checker is 
further configured to use the updated data. 

Sprecher discloses a system, wherein any updates to data within the relational database are 
performed in real-time and the rules checker is further configured to use the updated data 
(column 1, lines 55-61). 

86. The motivational benefits of having combined the teachings of Sprecher with the combined 
teachings of Ooki et al. and Dustan et al. are disclosed above. 

87. With respect to claim 45, Ooki et al. discloses a system, wherein the particular software 
application is configured to: 

Provide in the query to the rules checker a user identity and a secured resource identity 
(column 5, lines 16-20); 

Receive from the rules checker the message forwarded by the rules checker (column 5, 
lines 24-25); and 

Determine the entitlements of the user to access the secured resource (column 6, lines 3-9). 



88. Ooki et al. and Dustan et al. do not disclose a system, wherein the particular software 
application is a simulation application. 

Sprecher discloses a system, wherein the particular software application is a simulation 
application (column 1, line 68). 

89. It would have been obvious to one of ordinary skill in the art at the time of the invention to 
have combined the teachings of Sprecher with the combined teachings of Ooki et al. and Dustan 
et al. in order to generate models of optimum conditions for potential market areas (column 4, 
lines 38-40). 

90. Claims 7, 46-48, and 54 are rejected under 35 U.S.C. 103(a) as being unpatentable over Ooki 
et al. (U.S. Patent 5,822,518) in view of Dauerer et al. (U.S. Patent 5,627,967). 

91. Ooki et al. and Dustan et al. are analogous art because both are in the field of electronic 
communication. 

92. With respect to claims 7 and 54, Ooki et al. do not disclose a system, wherein the 
identification of hierarchically arranged functions include functions, sub-functions, and sub-sub 
functions of the organization. 

Dauerer et al. disclose a system, wherein the identification of hierarchically arranged functions 
include functions, sub-functions, and sub-sub functions (column 1, lines 44-50). 

93. It would have been obvious to one of ordinary skill in the art at the time of the invention to 
have combined the teachings of Dauerer et al. with the teachings of Ooki et al. in order to 
provide efficient satisfaction of the basic requirements of the system (column 1, lines 44-46). 

94. With respect to claim 46, Ooki et al. do not disclose a system, wherein the query requests a 
listing of entitlements for the one user, said listing identifying the entitlements for every function 
associated with the one user, and wherein the message includes said listing. 

Dauerer et al. disclose a system, wherein the query requests a listing of entitlements for the one 
user, said listing identifying the entitlements for every function associated with the one user, and 
wherein the message includes said listing (column 2, lines 49-51; column 4, lines 58-60, lines 
62-67). 

95. It would have been obvious to one of ordinary skill in the art at the time of the invention to 
have combined the teachings of Dauerer et al. with the teachings of Ooki et al. in order to defer 
updating the entire system or larger access lists (column 5, lines 2-6). 

96. With respect to claim 47, Ooki et al. do not disclose a system, wherein query includes 
filtering parameters such that the listing includes only those entitlements that satisfy the filtering 
parameters. 

Dauerer et al. disclose a system, wherein query includes filtering parameters such that the listing 
includes only those entitlements that satisfy the filtering parameters (column 7, lines 51-53). 

97. It would have been obvious to one of ordinary skill in the art at the time of the invention to 
have combined the teachings of Dauerer et al. with the teachings of Ooki et al. in order to 
simplify the maintenance of the master list (column 7, lines 48-50). 

98. With respect to claim 48, Ooki et al. do not disclose a system, wherein the filtering 
parameters specify one or more of a user role, a function identity, an application identity, and a 
user identity, and a data access level. 

Dauerer et al. disclose a system, wherein the filtering parameters specify one or more of a user 
role, a function identity, an application identity, a user identity, and a data access level (column 
7, lines 38-50). 

99. The motivational benefits of having combined the teachings of Dauerer et al. with the 
teachings of Ooki et al. are disclosed above. 

Conclusion 

Applicant's amendment necessitated the new ground(s) of rejection presented in this 
Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP § 706.07(a). 
Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a). 

A shortened statutory period for reply to this final action is set to expire THREE 
MONTHS from the mailing date of this action. In the event a first reply is filed within TWO 
MONTHS of the mailing date of this final action and the advisory action is not mailed until after 
the end of the THREE-MONTH shortened statutory period, then the shortened statutory period 
will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 
CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, 
however, will the statutory period for reply expire later than SIX MONTHS from the date of this 
final action. 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Syed Zia whose telephone number is 571-272-3798. The 
examiner can normally be reached on 9:00 to 5:00. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Ayaz Sheikh can be reached on 571-272-3795. The fax phone number for the 
organization where this application or proceeding is assigned is 571-273-8300. 

Information regarding the status of an application may be obtained from the Patent 
Application Information Retrieval (PAIR) system. Status information for published applications 
may be obtained from either Private PAIR or Public PAIR. Status information for unpublished 
applications is available through Private PAIR only. For more information about the PAIR 
system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR 
system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). 